Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Windows Firewall Control v.4.6.2.0

    Change log:
    - Fixed: In some circumstances Secure Rules gets enabled even if it is disabled in the Security tab. If authorized groups are not already defined, this would delete all the rules which are not in the default groups "Windows Firewall Control" and "Temporary Rules".

    This was a very subtle bug. After creating a rule in version 4.6.1.0, Secure Rules got enabled in the background and proceeded to delete all the rules which were not defined in the list of authorized groups. This problem has occurred for the users that had Secure Rules enabled before updating to version 4.6.1.0.

    The connectivity problems after updating to version 4.6.1.0 were caused by this because the svchost.exe rules were removed.

    If you were in this scenario, please restore a backup of your rules with the new version.

    If you do not have a backup of your rules please do the following steps in order to restore your rules:

    1. Go in Manage Rules and select the existing rules. Probably only the ones from Windows Firewall Control group.
    2. Right click on any of them and from the context menu select Policies -> Export selected rules.
    3. From the same context menu choose Policies -> Restore default rules. This will restore Windows Firewall default set of rules.
    4. Import the file that you exported at step 1 to have your custom rules back.

    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: f7aeba6cd057cc87cb2083e561f621ee78ad3a9a

    Please accept my apologies for all the trouble that was caused by version 4.6.1.0. Thank you for your feedback, your help and your understanding.

    Alexandru

    Regarding the rules that are actually needed to browse the Internet from the hundreds that Windows Firewall has by default, please read my post 2112:
    https://www.wilderssecurity.com/threads/windows-firewall-control-4.347370/page-85#post-2563841
     
    Last edited: Feb 13, 2016
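An added example, not part of the original post and not WFC's own code: a PowerShell check to run before enabling Secure Rules. It writes a full policy backup, then lists the rules that sit outside the two default authorized groups named in the change log, with the svchost.exe rules called out separately. Assumptions: the NetSecurity module (Windows 8 or later), an elevated prompt, WFC's group names showing up in each rule's DisplayGroup property, and a backup path chosen here for illustration.

```powershell
# Added example (not from the thread). Read-only apart from writing a backup file.
# Assumption: WFC's group names appear in each rule's DisplayGroup property.
$authorizedGroups = @('Windows Firewall Control', 'Temporary Rules')

# Assumption: backup location chosen for illustration; any writable path works.
$backupPath = Join-Path $env:USERPROFILE ("firewall-backup-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))

# Full policy backup with the built-in netsh export (needs an elevated prompt).
netsh advfirewall export $backupPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Policy export failed; run from an elevated prompt.' }

# Rules whose group is not in the authorized list (ungrouped rules included).
$atRisk = @(Get-NetFirewallRule |
    Where-Object { $authorizedGroups -notcontains $_.DisplayGroup })

# Count of affected rules per group, largest first.
$atRisk | Group-Object DisplayGroup | Sort-Object Count -Descending |
    Select-Object Count, @{ Name = 'Group'; Expression = {
        if ($_.Name) { $_.Name } else { '(no group)' } } } |
    Format-Table -AutoSize

# svchost.exe rules among them: the post ties the connectivity loss to these.
if ($atRisk.Count -gt 0) {
    $svchostIds = @($atRisk | Get-NetFirewallApplicationFilter |
        Where-Object { $_.Program -like '*\svchost.exe' } |
        ForEach-Object { $_.InstanceID })

    $atRisk | Where-Object { $svchostIds -contains $_.InstanceID } |
        Sort-Object DisplayGroup, DisplayName |
        Format-Table DisplayName, DisplayGroup, Direction, Action, Enabled -AutoSize
}

Write-Output "Backup: $backupPath; rules outside the authorized groups: $($atRisk.Count)"
```

The .wfw file can be restored with `netsh advfirewall import` if rules go missing.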
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,030
    Location:
    Mexico
    Thanks a lot for sharing this, bookmarked now.
     
  3. j9ksf

    j9ksf Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    33
    This worked a treat - thank you.
     
    Last edited by a moderator: Feb 14, 2016
  4. hjlbx

    hjlbx Guest

    @alexandrud

    How would I configure WFC to alert when vulnerable processes attempt a network connection - like cmd.exe, powershell.exe, cscript.exe, wscript.exe, etc ?

    In other words, to notify of system process (that normally, would never connect to network) hijack ?
     
  5. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    Medium Filtering profile + Medium notification level
     
  6. hjlbx

    hjlbx Guest

    @alexandrud

    Hmmm... when I do that and execute cmd.exe > ping - there is no WFC alert.

    I am missing something. Perhaps not correct way to test ?
     
  7. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Have you tried temporarily allowing connections for undefined rules by switching to the "Low Filtering" profile?

    Yeah, I experienced this too. I previously had secure rules enabled prior to updating to v4.6.1.0. After the update, it appears all system rules were deleted, leaving only my 250 user created rules, then I began noticing internet connection problems. So, I set WFC to low filtering for now while I backup my user rules, then when I restored the default system rules (and experienced Bug #1 noted below), it deleted all of them a few seconds later like you experienced. It appears that although WFC says Secure Rules are not enabled when you look in the Main Panel, it's still somehow enabled in WFC's cache. My solution was to enable it, then disable it again in order for WFC cache to be cleared of the setting. But then I experienced Bug #2 noted below. So, went through the described process to restore system default rules, reconfigured network sharing in order to have the Network Sharing Rules appear, and restored my user rules...now everything is working as they should with medium filtering :)

    Suggestions:
    1.) As much as I love WFC's new stricter, yet simpler to manage (and potentially time saving when configured properly), methodology to handling unauthorized rules, it would be a good idea if WFC by default came with ALL the default system rules groups in the secure rules section, in conjunction with "Windows Firewall Control" and "Temporary Rules". This would make it even more effective and less damaging to end users when they enable it.

    2.)
    This is another perfect example of why I've been demanding this feature of backwards compatibility with previous WFC Partial Policy File Formats. @alexandrud I recall you a while back saying the formatting wouldn't be changing again, but the need for it to change just keeps arising as WFC gets more and more advanced. Could you please just take the moment to implement backwards compatibility with ALL partial policy formats? From the looks of it, it shouldn't be that difficult to create an if-statement for compatibility checking during import.

    If it fails to import, you can show a dialog saying "This Partial Policy was Created in an Older Version of WFC, Would you like to Convert it to the Latest Version?", user selects yes, then WFC can examine the policy file to determine what needs adjusting/appending and reformat it prior to importing it, literally automating what I did in that post earlier.

    3.)
    Yeah, add a paste button at the side or in the context menu of that text box, similar to the one that's in the registration window of WFC :)

    4.)
    Great idea! I too would really love to see this implemented.

    Bug Reports:
    1.) Restoring the default rules appears to bring invalid rules for "Windows Peer to Peer collaboration foundation" and "Connect to a Network Projector".
    WFC Invalid Default System Rules.png

    2.) Noticed this after backing-up and restoring the default rules. At the moment, you can't right-click on the blank background in the Manage Rules window, in order to show the rules context menu. So, you won't be able to restore a partial policy, nor would you be able to restore the default system rules, not until you create a blank rule, which you can then right-click to get the rules context menu.
     
    Last edited: Feb 14, 2016
  8. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    A ping - for example echo - uses the ICMP protocol. You will not see the cmd.exe there ...
     
  9. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    This is not a bug. Such - or similar - rules ARE in default rules (here in my Win 10 too). You can in such cases import over the [Menu, Rules] instead within Rule Manager.
     
  10. hjlbx

    hjlbx Guest

    Thanks @Alpengreis - you da man !

    What can I use to test cmd.exe connect to internet - any idea to test ?

    What should be done with ICMP protocol - any restrictions ?
     
  11. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    190
    Is there any way to let WFC notify me of incoming connection?
     
  12. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Well, guess that's just left over crumbs from Microsoft removing those features from Windows, p2phost (People Near Me, ended with Windows Vista) and netproj (Connect to a Network Projector, ended with Windows 8, had to be enabled in Windows features) both have nothing to do on Windows 10.

    You shouldn't need to switch to the Main Panel to get your rules back when you're at the "Manage Rules" screen...just not intuitive. Would be great to simply have access to the context menu when you right-click that blank background.
     
  13. hjlbx

    hjlbx Guest

    Someone please explain options outlined ?

    WFC.PNG
     
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
    I will add a way to insert the groups from the existing rules. I am already working on this.
    I will not add backward compatibility support for old policy files (wpw format with XML content). The format did not change again. The latest change in the wpw format was in WFC 4.5.2.0 (05.08.2015) because Windows 10 added new properties. Please export your rules again in order to have your partial policy files updated.
    I am investigating why the context menu does not work while the content is empty. If the textbox has a value (at least one character) the context menu works (Cut, Copy, Paste).
    I will add support for @*
    Not a bug from my point of view. If your rules set contained invalid rules when you exported them, then it is normal to have those invalid rules back when you import the policy. Maybe they are only temporarily invalid.
    I will see what can be done about this. The context menu is set on the data grid and that blank area is not the data grid but the container of it. I will find a solution.
    No. Windows Firewall itself displays notifications when an application wants to open a port on your computer (inbound access). WFC does provide notifications for outbound blocked connections. However, you can check the Connections Log for inbound blocked connections if you are looking for something specific.
     
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,097
    Location:
    Romania
  16. hjlbx

    hjlbx Guest

    @alexandrud

    Low filtering creates generic Allow rules for digitally signed applications - correct ?

    Also, I only want firewall rules created after WFC is installed. I should enable Secure Rules and WFC will delete all the other rubbish (= essentially allows me to start "clean-slate" with WFC) ?
     
  17. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    I don't know exactly. It SEEMS it's removed in Win 10 then I read about a workaround to install or activate it via [Settings -> Project to a Second Screen]. NOT TRIED AND NOT SURE ABOUT THIS.

    However: if rules are default rules, then it's necessary to bring back after reset! Else a reset is no more a reset!

    This means:
    [Restore Windows Firewall default set of rules] should be the default rule set.
    [Restore Windows Firewall Control recommended rules] should be the default rule set PLUS the recommended WFC rules.

    I wrote just a workaround. Of course, it would be better without! So: ACK :)
     
  18. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    554
    Location:
    Switzerland
    Well ICMP is a wide (and not easy) field. It had even a different DEFAULT ICMP setting in Win 7 to Win 10.

    So or so I can and will not give a global suggestion for ICMP.

    JUST FOR INFO - FOR ME PERSONALLY, the following ICMP restrictions were necessary:

    I had to create rules (in- and outbound) (additionally with other steps) to prevent leaks while I use VPN.

    However: it's a bit too technical for this forum and has no direct relation to WFC ...

    BTW: also to create ICMP rules is not easy, because there exist different ICMP types and codes which cannot be defined within WFC (you have to use the original Windows Firewall).

    And last but not least: the handling of ICMP rules within WFC is also not easy, because as I said: ICMP type and codes are not supported within WFC; additionally: if you change a rule from ICMP to ICMPv6 or vice versa within WFC, the ICMP type is always set to Any (regardless of the setting before).

    Maybe exist (many) other (special) situations where it's necessary to restrict ICMP ... no idea about it ...
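An added example, not part of the original post: a read-only PowerShell audit of the ICMP rules in the local policy, flagging those whose ICMP type is Any, which is the state the post says a rule ends up in after switching it between ICMP and ICMPv6 in WFC. It assumes the NetSecurity module (Windows 8 or later) and makes no change to any rule.

```powershell
# Added example (not from the thread). Read-only: lists ICMP rules and their types.
# Port filters carry the protocol and ICMP type of each firewall rule.
$icmpFilters = @(Get-NetFirewallPortFilter -All |
    Where-Object { $_.Protocol -like 'ICMPv*' })

$report = foreach ($filter in $icmpFilters) {
    # Resolve the rule that owns this filter.
    $rule = $filter | Get-NetFirewallRule

    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Group     = $rule.DisplayGroup
        Direction = $rule.Direction
        Action    = $rule.Action
        Enabled   = $rule.Enabled
        Protocol  = $filter.Protocol
        # IcmpType is 'Any' or a list of type or type:code values.
        IcmpType  = ($filter.IcmpType -join ',')
        TypeIsAny = ($filter.IcmpType -contains 'Any')
    }
}

# Rules with type Any first: these match every ICMP message of that protocol.
$report | Sort-Object @{ Expression = 'TypeIsAny'; Descending = $true }, Rule |
    Format-Table -AutoSize

$anyCount = @($report | Where-Object TypeIsAny).Count
Write-Output "ICMP rules: $($icmpFilters.Count); with type Any: $anyCount"
```

Running it before and after editing a rule in WFC shows whether a specific ICMP type was reset to Any.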
     
  19. guest

    guest Guest

    Thanks :thumb:
     
  20. hjlbx

    hjlbx Guest

    @alexandrud
    @Alpengreis

    Also, I only want firewall rules created after WFC is installed.

    Should I enable Secure Rules and WFC will delete the built-in Windows Firewall rubbish (= essentially allows me to start "clean-slate" with WFC) ?
     
  21. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Same here, block in and out for all protocols listed in the drop-down list, except TCP and UDP. Works wonders when trying to ping or any other outbound request in cmd.exe since it'll pop up a notification from ICMP.
     
  22. hjlbx

    hjlbx Guest

    @marzametal - you created All Programs block rule for each protocol except TCP and UDP ? More infos please.

    TIA.
     
  23. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    @hjlbx - hahaha... that is wishful thinking my friend. My apologies if I confused you. I wrote "except TCP and UDP". Block rules trump allow rules, so creating an All Programs block rule would negate custom-made rules for your apps.

    EDIT: The VPN has allowed me to kill the internet until I desire to use it. I have set it up so I can log onto my VPN while WFC is in HFM. I cannot change from HFM until I change netsh.exe from YES to NO in AppGuard. Even after that, when I drop HFM down to MFM, nothing is allowed out since I have block rules for all my apps (I manually disable block rules and enable allow rules as I see fit, depending on what app I wish to use). I only have one Allow Inbound rule, and that is for svchost.exe (dhcp). So, in summary, I can log into the VPN and take a siesta while dreaming of Taylor Swift... without a worry :)
     
    Last edited: Feb 15, 2016
  24. hjlbx

    hjlbx Guest

    @marzametal - so you created block rule for cmd.exe - for all protocols except TCP and UDP ?

    I am not understanding infos.
     
  25. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Feature request (or tweak): Is there any way to implement a 3rd-party browser to perform WHOIS queries and IP verifications? I don't use IE, and have disabled it from the Windows 7 features list.
     